Before commencement of processing activities all individuals working with data and systems have been identified using a nationally issued Identification Document or through a trusted federated identity provider.
Specification
Trusted Identity providers include Studielink, IDIN, DigID and providers that identify according to EIDAS level "Substantial" or "High".
ISO 27001 & 27002:2022
A5.2,
A5.3,
A5.15,
A5.16,
A5.17,
A5.18,
A6.1,
A6.2,
A6.6,
A8.2
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
HR.01 Recruitement (incl onboarding procedures)
ID.01 Access rules